In brief
- Ethereum developer Martin Holst Swende identified and suggested a fix for a loophole in EIP-1559, a major upgrade scheduled for mid-July.
- The loophole, if left unfixed, would have allowed for fake large transactions that could overwhelm the network.
Ethereum developers have fixed a loophole in a forthcoming upgrade that would have left the network vulnerable to fake large transactions.
Scheduled for mid-July, EIP-1559 burns some ETH spent on processing transactions instead of giving it all to miners, as is currently the case. The proposal aims to reduce the volatility of Ethereum’s transaction fee.
Under EIP-1559, users can “tip” miners and the Ethereum network to speed up transactions. To do this, they specify the maximum amount they are willing to pay.
Martin Holst Swende, an Ethereum core developer from Sweden, worked out on Thursday that EIP-1559 placed no limit on the maximum amount a user could pay to speed up transactions.
An attacker could thus insert an absurdly high number to overwhelm the network, even if they didn’t have the funds to pay for the tip.
“Because the fields in 1559 are maximums, you could abuse this, not actually pay those huge gas values, and spam the network,” Ethereum core developer Tim Beiko tweeted Friday.
To close that loophole, the developers implemented a solution proposed by Swende: four lines of codes that capped transactions at a limit of 2^256, a widely used cryptographic hash function that also underpins Bitcoin.
On May 14, Ethereum developers agreed to delay until December a “difficulty bomb” that would make severely slow down the network.
The difficulty bomb is designed to encourage Ethereum developers to hasten the development of Ethereum 2.0, the long-awaited upgrade to the Ethereum network that would reduce fees and increase throughput.
